A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior
IEEE Transactions on Software Engineering
Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security
IEEE Transactions on Software Engineering
Probability and statistics with reliability, queuing and computer science applications
Probability and statistics with reliability, queuing and computer science applications
Jini Specification
Fault Tolerance: Principles and Practice
Fault Tolerance: Principles and Practice
Survivability: Protecting Your Critical Systems
IEEE Internet Computing
ANSWER: AutoNomouS netWorked sEnsoR system
Journal of Parallel and Distributed Computing
Security and Trust in IT Business Outsourcing: a Manifesto
Electronic Notes in Theoretical Computer Science (ENTCS)
An algorithm for the appraisal of assurance indicators for complex business processes
Proceedings of the 2007 ACM workshop on Quality of protection
Information Assurance: Dependability and Security in Networked Systems
Information Assurance: Dependability and Security in Networked Systems
TSR: trust-based secure MANET routing using HMMs
Proceedings of the 4th ACM symposium on QoS and security for wireless and mobile networks
Traffic Engineering Based Attack Detection in Active Networks
ICDCN '09 Proceedings of the 10th International Conference on Distributed Computing and Networking
Transactions on Computational Science IV
Software security analysis and assessment model for the web-based applications
Journal of Computational Methods in Sciences and Engineering
Availability Analysis of a Scalable Intrusion Tolerant Architecture with Two Detection Modes
CloudCom '09 Proceedings of the 1st International Conference on Cloud Computing
Quantified security is a weak hypothesis: a critical survey of results and assumptions
NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
EUC'07 Proceedings of the 2007 conference on Emerging direction in embedded and ubiquitous computing
Optimizing security measures in an intrusion tolerant database system
ISAS'08 Proceedings of the 5th international conference on Service availability
A framework for security quantification of networked machines
COMSNETS'10 Proceedings of the 2nd international conference on COMmunication systems and NETworks
Formal approach to security metrics.: what does "more secure" mean for you?
Proceedings of the Fourth European Conference on Software Architecture: Companion Volume
Cyber security quantification model
Proceedings of the 3rd international conference on Security of information and networks
Security evaluation of layered intrusion tolerant systems
ASMTA'10 Proceedings of the 17th international conference on Analytical and stochastic modeling techniques and applications
State space approach to security quantification
COMPSAC-W'05 Proceedings of the 29th annual international conference on Computer software and applications conference
On design tradeoffs between security and performance in wireless group communicating systems
NPSEC'05 Proceedings of the First international conference on Secure network protocols
Towards autonomic mode control of a scalable intrusion tolerant architecture
ATC'10 Proceedings of the 7th international conference on Autonomic and trusted computing
Testing and validating machine learning classifiers by metamorphic testing
Journal of Systems and Software
Formal analysis of security metrics and risk
WISTP'11 Proceedings of the 5th IFIP WG 11.2 international conference on Information security theory and practice: security and privacy of mobile devices in wireless communication
A hybrid ranking approach to estimate vulnerability for dynamic attacks
Computers & Mathematics with Applications
Availability analysis of an IMS-based VoIP network system
ICCSA'10 Proceedings of the 2010 international conference on Computational Science and Its Applications - Volume Part IV
A self-healing mechanism for an intrusion tolerance system
TrustBus'05 Proceedings of the Second international conference on Trust, Privacy, and Security in Digital Business
Modeling and evaluating the survivability of an intrusion tolerant database system
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Network Security
An adaptive mode control algorithm of a scalable intrusion tolerant architecture
Journal of Computer and System Sciences
Towards a secure and available smart grid using intrusion tolerance
IDCS'12 Proceedings of the 5th international conference on Internet and Distributed Computing Systems
A stochastic model of attack process for the evaluation of security metrics
Computer Networks: The International Journal of Computer and Telecommunications Networking
A Formal Framework for Patch Management
International Journal of Interdisciplinary Telecommunications and Networking
Hi-index | 0.00 |
Complex software and network based information server systems may exhibit failures. Quite often, such failures may not be accidental. Instead some failures may be caused by deliberate security intrusions with the intent ranging from simple mischief, theft of confidential information to loss of crucial and possibly life saving services. Not only it is important to prevent and/or tolerate security intrusions, it is equally important to treat security as a QoS attribute at par with other QoS attributes such as availability and performance. This paper deals with various issues related to quantifying the security attributes of an intrusion tolerant system, such as the SITAR system. A security intrusion and the response of an intrusion tolerant system to an attack is modeled as a random process. This facilitates the use of stochastic modeling techniques to capture the attacker behavior as well as the system's response to a security intrusion. This model is used to analyze and quantify the security attributes of the system. The security quantification analysis is first carried out for steady-state behavior leading to measures like steady-state availability. By transforming this model to a model with absorbing states, we compute a security measure called the "mean time (or effort) to security failure" (MTTSF) and also compute probabilities of security failure due to violations of different security attributes.